Nineteen percent of advanced targeted attacks take weeks to discover. Fourteen percent take months to find. And, unfortunately two percent take several years to surface.
With undetected attacks lurking around every corner, you need tools that can identify and eradicate threats fast.
The State of Detection and Correction
Unfortunately, even after an initial abnormality or threat is discovered, it can still take days or months to reach full discovery and containment. Well-funded hackers are continuing to hone their skills and create more sophisticated attacks that are even more complex in their tactics. Additionally, the most destructive malware is designed to evolve over time, making it increasingly difficult to detect.
Source: Driving Efficiency into Malware Detection and Eradication – FOCUS 14 Presentation.
Threats on the Horizon
When targeted attacks are launched against your organization, you face the risk of stolen data and compromised devices, which not only means a possible data breach disclosure, but also leaked information reaching your competitors, extensive threat containment costs, and spoiled brand reputation.
Here are four simple steps to help you protect, detect and correct targeted attacks.
- Know Your Cyberattack Chain
While every cyberattack is unique in destruction capability, most still unfold and progress through a number of predictable stages, known as the cyberattack chain. When you understand the typical strategies intruders use to get into your network, you are better armed to defend your systems. Once you have identified the attack chain that cyberthreats could follow within your network, you can apply protection and mitigation strategies. In addition, it is essential to create a baseline of normal data flows to be use as a benchmark for detecting anomalies in your network.
- Adapt Your Security Solutions
In 2015, it is predicted that global IT security spending will hit over $76 billion. In a world where 362 new threats are occurring every minute, threat protection is more vital than ever. Isolated point products, no matter how great they are, will not stand up to the complexity of today’s attacks. It’s time for security to be as sophisticated as the attack—with integrated solutions that share threat intelligence and move from a reactive to proactive security posture, adapting with changes in the threat landscape.
- Use External Data
As a business, you have a vast amount of data at your disposal, which can be helpful in detecting and preventing cyberattacks. By collecting data on file reputation, for example, you can block known malicious files that could threaten your network. You can also analyze data from phishing emails to collect URL and domain data, use malware indicators to comprehend how malicious code affects various devices, or even leverage information about adversary networks so you know what web addresses to block.
- TIE It Up
When it comes to threats to your data, one of the biggest issues for enterprises is identifying how many systems have been infected. By using tools like McAfee Threat Intelligence Exchange (TIE), you can hone in on where a malicious file was introduced. This feature also extends to how it spreads; such as if the file comes up in ad-remove programs, drops items in the C-temp folder, or hook registry keys. TIE features the ability to integrate external threat feeds with local intelligence, enabling you to evaluate threats with third-party data.
That is just a taste of what McAfee Threat Intelligence Exchange can do to help you detect and eradicate malware in your organization. Want to learn more? Check out our Senior Director of Sales Engineering, Chris Cole’s, FOCUS 14 presentation or our Tech Talk Event, and follow @McAfee for new product updates.